77 matches found
OwnCloud has an unspecified vulnerability
Owncloud ownCloud is a set of personal cloud storage solutions from the American company ownCloud Owncloud. A security vulnerability exists in versions of OwnCloud prior to 0.15.2, which originates when a user creates a public link to a folder where an anonymous user uploads a file, and another...
Owncloud 安全漏洞
Owncloud ownCloud is a set of personal cloud storage solutions from the American company ownCloud Owncloud. A security vulnerability exists in versions of OwnCloud prior to 0.15.2, which originates when a user creates a public link to a folder where an anonymous user uploads a file, and another...
ownCloud Error Page Cross-Site Scripting Vulnerability
ownCloud is the open source file synchronization and sharing solution. A cross-site scripting vulnerability exists in ownCloud, which can be exploited by remote attackers to construct malicious URIs and trick users into parsing them, which can be used to obtain sensitive cookies, hijack sessions,...
CVE-2016-9467
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to displa...
CVE-2016-9465
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification o...
CVE-2016-9459
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment...
CVE-2016-1500
ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "fileversions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belongi...
ownCloud Arbitrary File Read Vulnerability
OwnCloud is a free and open source personal cloud storage solution from German company OwnCloud. The solution offers file management, music storage, calendars and more. A security vulnerability exists in ownCloud. A remote attacker can exploit the vulnerability to read arbitrary files in the...
The vulnerability of the web application for data synchronization with ownCloud allows a hacker to circumvent existing access restrictions and gain access to users’ files.
The vulnerability of the virtual file system of the web application for data synchronization with ownCloud is related to the lack of data validation during data retrieval. Exploiting this vulnerability allows a malicious actor to bypass existing access restrictions and gain access to user files b...
ownCloud Information Disclosure Vulnerability (CNVD-2015-06359)
ownCloud is an open source personal cloud storage solution. An information disclosure vulnerability exists in ownCloud, allowing remote attackers to exploit the vulnerability to obtain sensitive information...
ownCloud 'OC_Util::getUrlContent()' Local Information Disclosure Vulnerability
ownCloud is a free and open source personal cloud storage solution created by German KDE developer Frank Karlitschek. The solution offers file management, music storage, calendars, and more. A local information disclosure vulnerability exists in ownCloud 'OCUtil::getUrlContent', which allows...
ownCloud Server Authentication Vulnerability
ownCloud is a free and open source personal cloud storage solution created by German KDE developer Frank Karlitschek. The solution offers file management, music storage, calendars, and more. A security vulnerability exists in ownCloud Server due to the FTP backend "userexternal" failing to provid...
CVE-2013-0204
settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via crafted mount point settings...
CVE-2013-0204
CVE-2013-0204 affects ownCloud 4.5.x before 4.5.6. A vulnerability in settings/personal.php allows an authenticated remote user to execute arbitrary PHP code via crafted mount point settings, enabling remote code execution. The issue is documented in the official ownCloud advisory OC-SA-2013-002,...
UBUNTU-CVE-2013-2048
ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary API commands...
UBUNTU-CVE-2013-2086
The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file...
Server: User enumeration
apps/calendar/appinfo/remote.php and apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...